Cyber Security Review Release Is Imminent

The Obama administration will release its plans for a major overhaul of the nation's cyber security policies in the coming days, a senior administration official said today.

Speaking to intelligence industry professionals in McLean, VA,  Melissa Hathaway, tasked by the White House with a 60-day review of the nation's cybersecurity infrastructure, said that the H1N1 flu response had delayed the roll-out.

In her speech, Hathaway did not say much about the administration's policy changes, although published reporters indicate that Obama plans to create a powerful national cybersecurity directorate that would work through the Department of Homeland Security, establish a national cybersecurity recovery plan and resolve longstanding conflicts between agencies.

The review was finished last week; Hathaway worked with a small team of cybersecurity experts, reviewing exiting laws, cataloging tasks and recommendations and soliciting input from government agencies and outside industries.

Her main conclusion: "The federal government is not organized to addressed this growing problem."

The report, she said, includes recommendations to the president and an action plan. It does not address - as much - specific vulnerabilities.

What Hathaway did say was disturbing enough:  during the 60-day review, the government faced several acute cybersecurity problems, including the Conflicker worm, the hacking into a Federal Aviation Administration database and a mal-ware shutdown of a government travel website used by the White House and dozens of other agencies.   She noted recent CIA reports about hackers who disrupted the U.S. power grid and efforts to hack into ATMs.

Cybersecurity, Hathaway said,  does not conflict with "innovation, civil liberties and privacy rights."  I bet you'll often hear this refrain from the Obama administration.  The review addressed "all missions," she said, including "computer network defense, law enforcement investigations," military, intelligence, counterintelligence and infrastructure protection.    "Scores of legal issues emerged during the review," she said, including privacy rights, data aggregation, liability and more.

Hathaway spoke to a forum sponsored by INSA, the Intelligence and National Security Alliance, an industry think tank.  INSA prepared its own cybersecurity review, parts of which influenced Hathaway's thinking, she said.

A note on Hathaway: she's a trip. Her speech included references to pop psychology, marketing and advertising, the Nintendo Wii, the movie War Games and Star Wars.